protected function SamlController::getRedirectUrlAfterProcessing in SAML Authentication 8.2

Same name and namespace in other branches
  1. 8.3 src/Controller/SamlController.php \Drupal\samlauth\Controller\SamlController::getRedirectUrlAfterProcessing()
  2. 4.x src/Controller/SamlController.php \Drupal\samlauth\Controller\SamlController::getRedirectUrlAfterProcessing()

Returns a URL to redirect to.

This should be called only after successfully processing an ACS/logout response.

Parameters

bool $logged_in: (optional) TRUE if an ACS request was just processed.

Return value

\Drupal\Core\Url The URL to redirect to.

2 calls to SamlController::getRedirectUrlAfterProcessing()
SamlController::acs in src/Controller/SamlController.php
Attribute Consumer Service.
SamlController::sls in src/Controller/SamlController.php
Single Logout Service.

File

src/Controller/SamlController.php, line 252

Class

SamlController
Returns responses for samlauth module routes.

Namespace

Drupal\samlauth\Controller

Code

protected function getRedirectUrlAfterProcessing($logged_in = FALSE) {
  if (isset($_REQUEST['RelayState'])) {

    // We should be able to trust the RelayState parameter at this point
    // because the response from the IDP was verified. Only validate general
    // syntax.
    if (!UrlHelper::isValid($_REQUEST['RelayState'], TRUE)) {
      $this
        ->getLogger('samlauth')
        ->error('Invalid RelayState parameter found in request: @relaystate', [
        '@relaystate' => $_REQUEST['RelayState'],
      ]);
    }
    elseif (strpos($_REQUEST['RelayState'], OneLogin_Saml2_Utils::getSelfURLhost() . '/saml/') !== 0) {
      $url = $_REQUEST['RelayState'];
    }
  }
  if (empty($url)) {

    // If no url was specified, we check if it was configured.
    $url = $this->config
      ->get($logged_in ? 'login_redirect_url' : 'logout_redirect_url');
  }
  if ($url) {
    $url = $this->token
      ->replace($url);

    // We don't check access here. If a URL was explicitly specified, we
    // prefer returning a 403 over silently redirecting somewhere else.
    $url_object = $this->pathValidator
      ->getUrlIfValidWithoutAccessCheck($url);
    if (empty($url_object)) {
      $type = $logged_in ? 'Login' : 'Logout';
      $this
        ->getLogger('samlauth')
        ->warning("The {$type} Redirect URL is not a valid path; falling back to default.");
    }
  }
  if (empty($url_object)) {

    // If no url was configured, fall back to a hardcoded route.
    $url_object = Url::fromRoute($logged_in ? 'user.page' : '<front>');
  }
  return $url_object;
}
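
The function above checks RelayState only for general URL syntax and for the module's own /saml/ prefix. The stand-alone PHP below is an added example, not samlauth code: it reproduces those two checks and adds a same-origin restriction that the function above does not apply. `classify_relay_state()`, the sample URLs and the `filter_var()` approximation of `UrlHelper::isValid()` are assumptions.

```php
<?php
// Added example; names and sample values are hypothetical, not from samlauth.

/**
 * Classifies a RelayState value as a redirect target.
 *
 * Returns 'use', 'reject-syntax', 'reject-saml-route' or 'reject-foreign-host'.
 */
function classify_relay_state(string $relay_state, string $self_url_host): string {
  // Approximation of UrlHelper::isValid($url, TRUE): absolute http(s) URLs only.
  $parts = filter_var($relay_state, FILTER_VALIDATE_URL) ? parse_url($relay_state) : FALSE;
  if (!is_array($parts) || !in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], TRUE)) {
    return 'reject-syntax';
  }
  // Same test as the function above: values under the site's own /saml/
  // prefix are not used as the redirect target.
  if (strpos($relay_state, $self_url_host . '/saml/') === 0) {
    return 'reject-saml-route';
  }
  // Extra restriction (assumption, not in the function above): scheme, host
  // and port must equal the site's own. Comparing parsed components avoids
  // accepting a host that merely starts with the site's host name.
  $self = parse_url($self_url_host);
  if (!is_array($self)) {
    return 'reject-foreign-host';
  }
  foreach (['scheme', 'host', 'port'] as $key) {
    $given = strtolower((string) ($parts[$key] ?? ''));
    $own = strtolower((string) ($self[$key] ?? ''));
    if ($given !== $own) {
      return 'reject-foreign-host';
    }
  }
  return 'use';
}

// Constructed value standing in for OneLogin_Saml2_Utils::getSelfURLhost().
$self_url_host = 'https://www.example.com';
// Constructed RelayState samples.
$samples = [
  'https://www.example.com/node/1',
  'https://www.example.com/saml/login',
  'https://other.example.net/landing',
  '/node/1',
];
foreach ($samples as $sample) {
  printf("%-40s %s\n", $sample, classify_relay_state($sample, $self_url_host));
}
```

Any result other than 'use' corresponds to the path in the function above where `$url` stays empty and the configured `login_redirect_url` or `logout_redirect_url` is tried next.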